[OpenID] 2-Headed OpenID Auth for Increased Security?

SitG Admin sysadmin at shadowsinthegarden.com
Mon Dec 1 17:16:23 UTC 2008


>To mitigate this problem, one idea I have would be to utilize a 
>2-headed OpenID auth scheme, whereby a "higher security" RP (like my 
>bank) would require OpenID authentication assertions from two 
>separate OPs.

I've been in favor of this idea for several months.

>On the face of it all, this approach would seem to require two 
>different OpenIDs (one for each OP).  However, using Yadis/XRDS, one 
>could specify a primary and secondary OP for a particular OpenID.

I considered this. However, your risk is now that the host for your 
URI will turn on you or otherwise become compromised (someone breaks 
into the server hosting your site).

>I suppose there are several ways to make this happen, but I'd 
>appreciate any feedback on this idea...

Why limit it to just *two* heads? One goes down, or is taken down, or 
the route to either is blocked . . . and your security system either 
prevents login, or "gracefully" fails by allowing the user to log in 
with only one OP anyway (when the user *could* have been just 
*pretending* to be unable to contact the second OP from where they 
were). Give it three, or more - and allow the user to specify, on 
login, *which* OPs they want to use. You can even use something 
similar to the XRI syntax for this, thus gradually bringing it into 
the mainstream by familiarizing users with it;
http://openid.net/pipermail/general/2008-November/006339.html
Something like "me.yahoo.com!me.google.com#blind=yes", in a nod to 
the old bang pathing :)

-Shade
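
Added example, not part of the original post or of any OpenID library: a sketch of how an RP could parse the bang-path identifier suggested above and apply a fail-closed "N of the registered OPs" rule, so that an unreachable OP never downgrades the login to a single assertion. The grammar details, the names parse_multi_op and decide_login, and the host op.example.net are assumptions; "blind=yes" is carried as an opaque option because the post does not define it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LoginRequest:
    ops: tuple     # OP hosts named by the user, in the order given
    options: dict  # key=value pairs after '#', kept opaque (the post does not define them)

def parse_multi_op(identifier):
    """Parse 'op1!op2#key=value'; the exact grammar is an assumption."""
    path, _, fragment = identifier.partition("#")
    ops = tuple(p.strip().lower() for p in path.split("!"))
    if any(not p for p in ops):
        raise ValueError("empty OP in bang path")
    if len(set(ops)) != len(ops):
        raise ValueError("an OP listed twice is still only one head")
    options = {}
    for pair in filter(None, fragment.split("&")):
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed option: {pair!r}")
        options[key] = value
    return LoginRequest(ops, options)

def decide_login(request, registered_ops, verified_ops, required=2):
    """Grant only when `required` distinct registered OPs have verified assertions.

    verified_ops: OPs whose positive assertion the RP has already checked
    (signature verification itself is outside this sketch).
    """
    requested = set(request.ops)
    unknown = requested - set(registered_ops)
    if unknown:
        return False, f"not registered for this account: {sorted(unknown)}"
    if len(requested) < required:
        return False, f"policy needs {required} OPs, request names {len(requested)}"
    confirmed = requested & set(verified_ops)
    if len(confirmed) < required:
        # No fallback to fewer OPs: an unreachable OP means a denied login.
        return False, f"no valid assertion from: {sorted(requested - confirmed)}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample: three registered OPs, user picks two at login.
    registered = {"me.yahoo.com", "me.google.com", "op.example.net"}
    req = parse_multi_op("me.yahoo.com!me.google.com#blind=yes")
    print(decide_login(req, registered, {"me.yahoo.com"}))
    print(decide_login(req, registered, {"me.yahoo.com", "me.google.com"}))
```

With three or more OPs registered, a user whose chosen OP is down retries with a different pair; the RP itself never lowers the required count.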


